Applying data science to identify malicious actors in enterprise logs

Presented at BSidesDC 2016, Oct. 22, 2016, 1:30 p.m. (50 minutes)

Applying data science to identify malicious actors in enterprise logs

The presentation will provide guidelines on information security data science insights with repeatable process and examples on visualizing and applying machine leaning to information security data for identifying malicious actors. One of the key strengths of security teams is access to enterprise log data, meta-data, network traffic data, and netflow data. The challenge is finding and isolating the bad actors from legitimate traffic. Security professionals can benefit by applying machine learning and data science on enterprise data to find anomalies and identify patterns which will be helpful in isolating events which might indicate compromise. Steps involved in applying machine learning algorithms are to visualize and combine data cleansing with clever feature engineering, choose right metric/method for estimating model performance and then spend a lot of time tuning the parameters.

Presenters:

• Balaji Balakrishnan - Senior Information Security Officer at World Bank
  Balaji Balakrishnan has more than 16 years’ experience in IT and Information security domain specializing in security operations management and incident response. He has worked in major financial services organizations and has lead 24/7 SOCs/incident response teams.

Links:

• https://bsidesdc2016.busyconf.com/schedule#activity_5772d9faa0af55ea200002b5
• https://www.youtube.com/watch?v=iS3qLdaRtgI

Similar Presentations:

• DeepSec 2019 „Internet of Facts and Fears“ / What Has Data Science Got To Do With It?
• BSidesLV 2016 / Data Science or Data Pseudo-Science? Applying Data Science Concepts to Infosec without a PhD
• Black Hat USA 2015 / Why Security Data Science Matters and How It's Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat Intelligence